1. Home
  2. Cisco Systems
  3. Changing pix configs when failover is configured

Changing pix configs when failover is configured

just started working for a different company. They have redundant pix

525 firewalls connected via serial. The short question

The question is if I changing the config on one pix do i also have to make the same change on another? I would think you would have to because what would happen if the configs differed and one went down. I would think in that case the failover pix would only run what it was configured to and any changes not applied to it would be programmed.

here is the long version and why the change is being made:

They have decided to change internet carriers due to the divide between

Verizon and Level 3. Because of the divide they would have lost their current public ip subnet and found cheaper service through a company called global crossing which means they are also changing ip addresses.

Here is the question: I believe I know the answer already but I just wanted to check and make sure I am not wrong.

Do I need to change the config on both pix's to reflect the public IP address change?

Thanks,

Steve

Reply to
Newbie72
Loading thread data ...

Hi Steve,

You may find this thread helpful:

formatting link
and How Failover Works on the Cisco Secure PIX Firewall:

formatting link
Hope this helps.

Brad Reese BradReese.Com - Cisco Network Engineer Directory

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant Website:
formatting link

Reply to
www.BradReese.Com

Has your company investigated the reputation of the new ISP? Has it investigated the new ISP's track record in service delivery? What kind of traffic does it block or rate limit? What do third parties have to say about its spam policies and privacy policies?

Sometimes cheaper is just as good for all practical purposes, and sometimes cheaper is a Big Headache Waiting To Happen.

Reply to
Walter Roberson

The investigation portion was done before I started. i do know that Global Crossing while it is not as big as Verizon it is still a large company. These are all great points though and thanks for the help everyone.

Steve

Walter Robers> >

Reply to
Newbie72

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.